Greetings:
I just installed a fresh copy of NTOP for a customer. While it has been
entirely helpful in tracking down some excessive bandwidth users in the
office, we are a bit concerned that some data appears to be missing from
the reports.
Specifically, we are not seeing any large downloads at all. For
example, my contact - while NTOP was running - went and downloaded the
Windows 2003 Service Pack 2 installer (over 100 meg). This download was
not displayed anywhere on the NTOP report. I would certainly think that
a 100 meg download would stick out like a sore thumb on at least the IP
reports.
If it means anything, I am seeing a HUGE disparity between the total
received and total processed counts on the summary->traffic page. Huge
as in over 120000 difference - and NTOP has only been running about 2
hours today. Total dropped packets - 504 (from libpcap). Machine is a
single P4 2.4 GHz with 768 meg of RAM. According to uptime, the system
load is under 0.01. According to vmstat, no swapping is occurring and
free memory is about 400 meg. NTOP version is 3.3.3 as pulled from SVN
yesterday (3-Oct-2007). NTOP was built with a simple ./configure.
NTOP is sitting on a monitor port watching the traffic going to the
customer's internet router (Cisco 2600 with 2 DS1s). Switch is a 3Com 3300.
NTOP is being started with the following command line:
/usr/local/bin/ntop -u ntop -w2401 -4 -c -d -o -D domain.local -r 30 --no-fc --local-subnets 10.1.0.0/16=office,10.2.0.0/16=ferndale,10.3.0.0/16=rpm
Yeah, I know - tcp/2401 is CVS, trust me - this needs to be here...
Does anyone have any suggestions on how to get NTOP to not miss so much
data?
Ron Gage
Westland, MI
_______________________________________________
Ntop mailing list
http://listgateway.unipi.it/mailman/listinfo/ntop